Password managers explained: do you need one? Are they safe?

Font Size:

We know we are supposed to have passwords that should be changed regularly, but very few of us actually do it. Coming up with strong, varied passwords can be painful. And remembering them? Forget about it.

Most people use very weak passwords and reuse them across many ‘logins’. So, how are you supposed to use strong, unique passwords for all the sites and stores and subscriptions in your system? The answer is to use a password manager.

Password managers will securely store your login information and help you to log into sites automatically. They encrypt your password database with a master password – the only one you have to remember. Or you can create your own master password. Just make sure it’s impossible to crack and, whatever you do, don’t forget it!

Types of password managers include:

  • locally installed software applications
  • online services accessed through website portals
  • locally accessed hardware devices that serve as keys.

Locally installed software
Password managers are commonly stored on the user’s personal computer or mobile device in the form of a software application. These apps can be offline, with the password database stored on the same device, or they may offer or require a cloud-based approach, where the password database is stored remotely.

Some offline password managers do not require internet permission, so there is no leakage of data due to the network. To some extent, a fully offline password manager is more secure, but may be much weaker in convenience and functionality than an online one.

Web-based services
An online password manager is a website that securely stores login details. They are a web-based version of more conventional desktop-based password managers.

The advantages of online password managers over desktop-based versions are portability and a reduced risk of losing passwords through theft from or damage to a single PC.

Hardware devices
Security tokens can also act as a password manager. Smart cards or secure USB flash devices are used to authenticate a user in lieu of or in addition to a traditional text-based password.

The data stored in the token is usually encrypted to prevent probing and unauthorised reading of the data.

What can go wrong?
While password managers are generally very safe and improve your online security, there are still some vulnerabilities.

As with any system that involves the user entering a password, the master password may also be attacked and discovered by those intent to act maliciously. This risk can be mitigated with the use of multi-factor verification for your device.

Some password managers include a password generator and these generated passwords may be guessable if they use a weak number generator instead of a cryptographically secure one, so this is something you will want to investigate before signing up.

If you enjoy our content, don’t keep it to yourself. Share our free eNews with your friends and encourage them to sign up.

Join YourLifeChoices today
and get this free eBook!

Join
By joining YourLifeChoices you consent that you have read and agree to our Terms & Conditions and Privacy Policy

RELATED LINKS

Turn yourself into a pro for those all-important family video calls

Video calls are vital during COVID-19. Here are some simple ways to improve them.

How to identify who is calling you from that number

Drew explains how to find out who is calling you via an internet search.

Ten useful things you didn't know Google Maps could do

Google Maps is great for directions, but wait, there's so much more it can do.

Written by Ben

15 Comments

Total Comments: 15
  1. 0
    0

    Any recommendations from someone with “hands on” experience of password managers?

    • 0
      0

      Hi Alan,

      Forget about password managers and use this nifty little application called “ShortKeys”

      It monitors your key strokes, and when it recognises a predefined character string (say a 3 character code such as “1pw”), spits out whatever password you have previously set up on the screen.

      Say you define “1pw” to generate a predefined password such as “60324kK*” then typing in “1pw” will instantly generate the password “60324kK*” as if it was typed on your keyboard.

      So easy!

      You have replaced a complex, hard to remember, password with an easily remembered 3 character key, which if you forget it, can be looked up in an associated ShortKeys table.

      This application can also be used to instantly generate useful things such as your address, telephone number, many other passwords, usernames, account numbers, etc. … or any text string you can think of.

      I couldn’t do without it!

    • 0
      0

      Thanks CO. I’ll check it out.

    • 0
      0

      Hi CO,

      I had a look at that shortcut program.

      As it says, you use a shortcut key to remember a longer password. In my case I am looking for something to look after my `130+ passwords.

      You’d need to remember the same number of shortcuts as you have passwords? Am I right in this?

    • 0
      0

      Hi Alan, ” I am looking for something to look after my `130+ passwords”

      WTF? How did you manage to accumulate 130+ passwords?

      I have trouble accumulating ten passwords and I do a lot of logging in.

      You’re doing something stupid there I think.

      You know you can spread one password over many different logins don’t you?

      Could you list some of the logins making up your 130+? I’m curious ….

      Unbelievable …

    • 0
      0

      Hi CO,

      I’m doing something stupid you reckon. I think using the same password for many different sites is absolute madness. Where’s your security there? if someone manages to get your password then they can access multiple sites with the one password. The one thing we are told over and over is NOT to use the same password for more than 1 site.

      BTW ….. looking at the size of the net and the places we go to regularly, I don’t think 130 sites is unbelievable. Of course there are only 30-40 that get used regularly and the rest might only be used once every couple of months.

    • 0
      0

      Hi Alan,

      “using the same password for many different sites is absolute madness”

      Really?

      I have used the same username and password for ALL my shopping sites for many years now without any problems.

      For my internet banking there is additional security provided by a bank-supplied code generator token next to the computer which would be impossible to hack.
      This code has to be entered correctly after logging in conventionally, and before any transactions can take place.

      I will likely upgrade to having a separate security code SMS’d to my mobile phone in future.

      So that makes three separate items that a would-be hacker has to know. A difficult if not impossible task

      This, together with a very strong password

  2. 0
    0

    There are dozens of password managers. Each claims to be the best. But which are secure and trustworthy? Any recommendations?

    • 0
      0

      Hi Mel,

      Why not use the password managers built into most, if not all, web browsers?

      They save passwords by default or you can reconfigure them to do so.

      They can save a separate password for each site you visit, so that you don’t need any extra software.

  3. 0
    0

    I have been using Roboform for years and find it very easy to use. there is a choice of a free package which offer about 20 passwords or paid package which provides unlimited passwords. It also allows you to set up your personal details and credit card information if you wish allowing a single click to populate all those competition sites. All this by remembering one single master password

  4. 0
    0

    What can go wrong? Everything. Came home about 5 years ago from a holiday cruise, found I’d been burgled, and had my laptop, camera, movie camera, jewellery, and car, stolen. Nothing recovered. Glad I had my passwords in a different place.

  5. 0
    0

    I have used an app called 1Password for a few years. It’s easy to use and free. All you have to remember is the master password.

  6. 0
    0

    Have used Keepass for years with no problems. It’s free and very easy to use.

    https://keepass.info/news/n200507_2.45.html


FACEBOOK COMMENTS



SPONSORED LINKS

continue reading

Entertainment

Friday Funnies: Short jokes for the shortest month

February flies by too fast, just like these short but sharp jokes. What is the recipe for Honeymoon Salad?Lettuce alone...

Food

Succulent Spice-Roasted Salmon

These little salmon bites are something I've made time and time again over the years and this method of roasting...

Photos

How to take great pictures of gardens

If you've never been too good at taking pictures of your beautiful blooms, now's the time to brush up on...

Aged Care

Paid on par with cleaners: the broader issue affecting aged care

Paid on par with cleaners: the broader issue affecting the quality of aged care Ben Farr-Wharton, Edith Cowan University; Matthew...

Food

Researchers fear diet produces ‘untoward effects on the heart’

The keto diet, lauded for its purported fat-burning capabilities, could be bad for your heart, according to new research. The...

COVID-19

Vaccine overdose cases raise questions over doctor training

Australia's vaccine rollout suffered a major hiccup, with health minister Greg Hunt revealing on Wednesday that two elderly residents at...

Retirement Income

Why middle-income Australians are the big losers in retirement

Australia's middle-income earners are losing out when it comes to retirement income. That's the view of Mercer's senior partner, David...

Food

Nine food and heart health myths busted

Should you cook with butter or olive oil? Is that drink of red wine protecting your heart? Pink Himalayan salt is healthy, right? There...

LOADING MORE ARTICLE...